<?php
/*---------------------------------------------------+
| Maztrex Control Panel
| Copyright 2009 - 2011 Maztrex Entertainment
| http://mcp.maztrex.com/
+----------------------------------------------------*/

	session_start();
	include_once("includes/config.php");

	$link=mysql_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASS);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}

	$db=mysql_select_db(MYSQL_ACCOUNTS);
	if(!$db) {
		die("Unable to select database");
	}
   $login = $_POST['login'];
   $password = $_POST['password'];
	
   $login = mysql_real_escape_string(html_entity_decode(htmlentities($login)));
   $password = mysql_real_escape_string(html_entity_decode(htmlentities($password)));


	$result=mysql_query("SELECT acct FROM accounts WHERE login='$login' AND password='$password'");
	while ($row = mysql_fetch_array($result)) {
  $acct = $row['acct'];}
	$result2 = mysql_query("SELECT gm FROM accounts WHERE acct='$acct'");
	while ($row2 = mysql_fetch_array($result2)) {
	$gm = $row2['gm'];}
	$qry3="SELECT acct FROM accounts WHERE login='$login' AND password='$password'";
	$result3=mysql_query($qry3);



	if($result) {
		if ($gm == "0"){
		header("location: not-gm.php");
		exit();
		}
		else{
			 if(mysql_num_rows($result3)>0) {

			 session_regenerate_id();
			 $member=mysql_fetch_assoc($result);
			 $_SESSION['SESS_MEMBER_ID']=$login;
			 session_write_close();
			 header("location: main.php");
			 exit();
		}else {

					header("location: login-failed.php");
					exit();
			}
			}
		
	}else {
		die("Query failed");
	}
?>